home

gynzyen.exe

Gynzy

This is a setup program which is used to install the application. The file has been seen being downloaded from maxcdn.gynzy.com.
Publisher:
Gynzy  (signed and verified)

MD5:
0d9258a30e7d5a851919d7cc600e50c6

SHA-1:
c8e2aab6ab69cf614ccf5f431eb7a8e0f9bc92af

SHA-256:
a9df43968453941bf63dc0a48d96cf42564d4c7992cff07fcc5cd096574a4411

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
11/23/2024 5:57:03 PM UTC  (today)

Scan engine
Detection
Engine version

Zillya! Antivirus
Worm.VBNA.Win32.257173
2.0.0.2527

File size:
323.2 KB (330,960 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\gynzyen.exe

Digital Signature
Signed by:
Gynzy

Authority:
TC TrustCenter GmbH

Valid from:
6/7/2011 9:08:15 AM

Valid to:
6/7/2014 9:08:15 AM

Subject:
CN=Gynzy, OU=TC PublisherID for Adobe AIR, O=Gynzy, L=Eindhoven, C=NL

Issuer:
CN=TC TrustCenter Class 2 L1 CA XII, OU=TC TrustCenter Class 2 L1 CA, O=TC TrustCenter GmbH, C=DE

Serial number:
00E88E000100020629A8135F46F176

File PE Metadata
Compilation timestamp:
3/11/2011 2:56:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:BttPaFp1qTBwf5LEKEwPPWj7/7jTDKLIRJQp+0jsc9EDpP3TkT7IEesbhg:BttPm1qT6RLEruWjLjDV0+0js5P3AT7a

Entry address:
0x1362

Entry point:
E8, B8, 22, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, 08, 50, 41, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, 0C, 50, 41, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, 1D, 1F, 00, 00, 85, C0, 75, 06, B8, 70, 51, 41, 00, C3, 83, C0, 08, C3, 8B, FF, 55, 8B, EC, 33, C0, 39, 45, 08, 6A, 00, 0F, 94, C0, 68, 00, 10, 00, 00, 50, FF, 15, 68, F0, 40, 00, A3, CC, 5C, 41, 00, 85...
 
[+]

Entropy:
7.6908

Code size:
55.5 KB (56,832 bytes)

The file gynzyen.exe has been seen being distributed by the following URL.

http://maxcdn.gynzy.com/bord/air/player_loader/.../GynzyEN.exe

Scan gynzyen.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.